From: Pasha Tatashin
To: akpm@linux-foundation.org, bhe@redhat.com, pasha.tatashin@soleen.com, rppt@kernel.org, jasonmiu@google.com, arnd@arndb.de, coxu@redhat.com, dave@vasilevsky.ca, ebiggers@google.com, graf@amazon.com, kees@kernel.org, linux-kernel@vger.kernel.org, kexec@lists.infradead.org, linux-mm@kvack.org
Subject: [PATCH v1 04/13] kho: Verify deserialization status and fix FDT alignment access
Date: Fri, 14 Nov 2025 10:53:49 -0500
Message-ID: <20251114155358.2884014-5-pasha.tatashin@soleen.com>
In-Reply-To: <20251114155358.2884014-1-pasha.tatashin@soleen.com>
References: <20251114155358.2884014-1-pasha.tatashin@soleen.com>

During boot, kho_restore_folio() relies on the memory map having been successfully deserialized. If deserialization fails or no map is present, attempting to restore the FDT folio is unsafe.

Update kho_mem_deserialize() to return a boolean indicating success. Use this return value in kho_memory_init() to disable KHO if deserialization fails. Also, the incoming FDT folio is never used, there is no reason to restore it.

Additionally, use memcpy() to retrieve the memory map pointer from the FDT. FDT properties are not guaranteed to be naturally aligned, and accessing a 64-bit value via a pointer that is only 32-bit aligned can cause faults.

Signed-off-by: Pasha Tatashin
--- kernel/liveupdate/kexec_handover.c | 32 ++++++++++++++++++------------ 1 file changed, 19 insertions(+), 13 deletions(-) diff --git a/kernel/liveupdate/kexec_handover.c b/kernel/liveupdate/kexec_h= andover.c index a4b33ca79246..83aca3b4af15 100644 --- a/kernel/liveupdate/kexec_handover.c +++ b/kernel/liveupdate/kexec_handover.c 
@@ -450,20 +450,28 @@ static void __init deserialize_bitmap(unsigned int or= der, } } =20 -static void __init kho_mem_deserialize(const void *fdt) +/* Return true if memory was deserizlied */ +static bool __init kho_mem_deserialize(const void *fdt) { struct khoser_mem_chunk *chunk; - const phys_addr_t *mem; + const void *mem_ptr; + u64 mem; int len; =20 - mem =3D fdt_getprop(fdt, 0, PROP_PRESERVED_MEMORY_MAP, &len); - - if (!mem || len !=3D sizeof(*mem)) { + mem_ptr =3D fdt_getprop(fdt, 0, PROP_PRESERVED_MEMORY_MAP, &len); + if (!mem_ptr || len !=3D sizeof(u64)) { pr_err("failed to get preserved memory bitmaps\n"); - return; + return false; } + /* FDT guarantees 32-bit alignment, have to use memcpy */ + memcpy(&mem, mem_ptr, len); + + chunk =3D mem ? phys_to_virt(mem) : NULL; + + /* No preserved physical pages were passed, no deserialization */ + if (!chunk) + return false; =20 - chunk =3D *mem ? phys_to_virt(*mem) : NULL; while (chunk) { unsigned int i; =20 @@ -472,6 +480,8 @@ static void __init kho_mem_deserialize(const void *fdt) &chunk->bitmaps[i]); chunk =3D KHOSER_LOAD_PTR(chunk->hdr.next); } + + return true; } =20 /* @@ -1377,16 +1387,12 @@ static void __init kho_release_scratch(void) =20 void __init kho_memory_init(void) { - struct folio *folio; - if (kho_in.scratch_phys) { kho_scratch =3D phys_to_virt(kho_in.scratch_phys); kho_release_scratch(); =20 - kho_mem_deserialize(kho_get_fdt()); - folio =3D kho_restore_folio(kho_in.fdt_phys); - if (!folio) - pr_warn("failed to restore folio for KHO fdt\n"); + if (!kho_mem_deserialize(kho_get_fdt())) + kho_in.fdt_phys =3D 0; } else { kho_reserve_scratch(); } --=20 2.52.0.rc1.455.g30608eb744-goog
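
Review bot: In the first kho_mem_deserialize() hunk, the two new "return false" paths merge a malformed or missing PROP_PRESERVED_MEMORY_MAP property (which logs pr_err) with a zero map pointer, which the added comment describes as the ordinary case of no preserved pages being passed. The caller cannot tell an error from an empty handover, and only one of the two leaves a log line. Consider returning an int (0, -ENOENT, -EINVAL) or at least logging the empty case at pr_info level. Smaller points in the same hunk: the function comment has a typo ("deserizlied"); "memcpy(&mem, mem_ptr, len)" would be more robust as "memcpy(&mem, mem_ptr, sizeof(mem))" so the copy size is tied to the destination rather than to an FDT-supplied length, even though the check above currently makes them equal; and the length check now compares against sizeof(u64) where it previously compared against sizeof(*mem) with mem typed as phys_addr_t, a change the commit message does not mention.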
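
Review bot: The unconditional "return true" added after the while loop (hunk at -472,6) reports success no matter what happened while walking the chunks, because deserialize_bitmap() is declared void in the context line of the first hunk header. The subject says "Verify deserialization status", but the status returned only covers the property lookup and the NULL chunk check, not the bitmap walk itself. Either narrow the function comment to say that true means a memory map was found and walked, or have deserialize_bitmap() return an error that is propagated here.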
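
Review bot: In the kho_memory_init() hunk, the failure branch "kho_in.fdt_phys = 0;" disables KHO silently and leaves kho_in.scratch_phys, tested a few lines above, still set. The removed code at least emitted pr_warn() when restoring the FDT folio failed; after this change the no-preserved-pages path produces no message at all, which makes a dropped handover hard to spot in a boot log. Suggest adding a pr_warn() or pr_info() in this branch and a short comment stating that a zero fdt_phys is the signal the rest of the file uses for "no incoming KHO", so readers do not have to infer it. Note also that kho_release_scratch() still runs before the deserialization result is known; if that ordering is intentional, a comment saying so would help.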